3rd party tracking + its breaking SSL

  • Long time ago i gave this plugin 5/5 but now i need to change my opinion (and rating) – at least until the Author come with some clarifications.

    Right now i installed this plugin on clean WP and immediately noticed that my SSL fails when i go to settings. Quick check and there are two things i could not explain:
    1. Injection of some sort of tracking over MySQL “https://tracking.katzseo.com/tracking202/static/gpx.php?amount=”. Dont bother to look into the files you will not find anything. I’m sure somewhere is hidden but if you search for any of the words there is no trace in the files.
    2. Base64 coded image right before earlier mentioned tracking link. Maybe i could get over this part but knowing its not the only nonsense now i wonder what is else hidden in that code.

    To be sure this isnt something random (even i dont know how) i wiped out entire site, installed again and everything was back. To be even more sure i went to another host, with another domain, repeated all over again and same results. So its this plugin – no doubts.

    katzseo.com:
    1. Using WHOIS privacy so no way to know who is behind this domain.
    2. Based on IP its hosted with Vultr and doesnt share any visible connection with fastsecurecontactform.com (Hostgator).
    3. Domain is registered before 2 months, had previous owners, many DNS, MX and IP changes.
    4. I could not find a single word in FS contact form about this domain, what is this tracking collecting, why is collecting and why is the image connected with this domain coded with Base64, same as i would like to know if the image is the only thing inside that code.

    At this point i expect for the author to jump in and make some clarifications. For anyone else reading this comment – its your call.

    • This topic was modified 7 years, 7 months ago by diabolico.
Viewing 8 replies - 1 through 8 (of 8 total)

  • I had previously partnered with another plugin author to provide Constant Contact newsletter support. I will fix that in the next update thanks.

    Thread Starter diabolico

    (@diabolico)

    I’m happy to hear you will sort it out but now i would like to know how, why your plugin is using a tracking and why this pretty important “feature” was not mentioned anywhere in your docs?
    I know for Constant Contact and that you offered this service together with your plugin, but why tracking and what info was collected?

    I am trying to get an answer from the developer of the addon, only he knows.

    Thread Starter diabolico

    (@diabolico)

    No problem. When you find out please post it here. I’m willing to reconsider my rating but before that i need some straight answers.

    He said the tracking link was never used and that he had forgotten that this addon still had html code with the domain that expired. He has already removed the tracking link. It was stored in a transient so there could be period of hours before it refreshes.

    I am going to soon release a new version of my plugin with changes so the newsletter tab html and constant contact image loads from directly within the plugin instead of being fetched from his site.

    Thread Starter diabolico

    (@diabolico)

    He said the tracking link was never used

    But this plugin never mentioned there is/was any kind of tracking. How do you explain this? Plus, should i just believe because someone said “he was not tracking”. This statement could have some weight if this plugin in the first place had clearly said something between the lines “there is tracking of X because of Y”.
    There isnt any reason why anyone should trust you or the other Author. If i’m mistaken then please correct me and prove me wrong. My (eventual) apology is waiting.

    EDIT: Can he come out with details what that code is supposed to track regardless if was used or not? This part should be interesting and very important to anyone using your plugin.

    • This reply was modified 7 years, 7 months ago by diabolico.

    this is what he told me:
    “Hi Mike,
    I’m really sorry, I thought it was only affecting my plugin, not yours.

    I just fixed the issue and removed the tracking pixel. I never used it anyway, and forgot that the domain I had it connected to no longer active.”

    His plugin is an addon to my plugin to add Constant contact newsletter support on the “newsletter” tab. I did not know the broken tracking pixel it was there, it has been removed. Problem solved. Nothing else for me to do. Sorry for any inconvenience.

    Thread Starter diabolico

    (@diabolico)

    Well i must insist to get the answer what this code is supposed to track regardless if tracking was active or not. I dont really have any intention to “let it go” until i and everyone else get the right answer.

    • This reply was modified 7 years, 7 months ago by diabolico.
Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘3rd party tracking + its breaking SSL’ is closed to new replies.